Karbonn Sparkle V & Android One
Android One
Android One is a label that targets emerging markets. It specifies the minimum hardware requirements that a smartphone must have to be supported for 2 years by Google. This is one of the major opportunities for us in Mauritius. Some of you may think that it's too good to be true, but it exists, as I got myself an Android One phone !
Karbonn Sparkle V
I bought an android-one certified phone from an Indian Manufacturer Karbonn. Mine is the Karbonn Sparkle V. When I got it, It was still on Android 4.4. As soon as I configured the wifi, It offered the possibility to be updated to Android 5.0 . Many high end phones are still shipping with Android 4.4 today without any updates to Android 5.0.
- Display size: 4.5 inches
- CPU: Quad-core 1.3 GHz Cortex-A7
- Internal memory : 2GB
- GPU: Mali-400MP2
- RAM: 1GB
- Camera (back): 5 MP, 2592 х 1944 pixels, autofocus, LED flash
- Camera (front): 2MP
- GSM: 2G, 3G, 4G
User experience
Yesterday night, I updated to Android 5.1.1. UX-wise, the phone is very responsive, and snappy. My only complaint would be the lack of internal storage space. I think that 4GB would have been better. Another version of the Sparkle is currently brewing. I hope that Google bumps the hardware specs for the next Android One label. The price is very competitive: Rs 5700-5900 depending on where you buy it. Overall, I'm very happy with my purchase, and I definitely plan to buy another Android One phone at the end of this year.
Android One firmware
It is worth pointing out that Google offers 2 years of firmware update support. This is fantastic, as I get the equivalent of a Google Nexus phone, at a much more reasonable price. This is the major win for the Android One phones. Unlike manufacturers that tend to ignore firmware updates after 6 month, Google makes a smart move here.
--Logan
Improving NTP security against overflows
Saving the world ... on time !
The Network time protocol is a standard which is used to keep our computer's time accurate. The science involved in keeping clocks ticking on computers is far more complex than most people would assume.
As a comparison: The number of lines of code for University of Delaware NTP implementation -- which is the most widely deployed NTP software -- is slightly less than the source code of Internet Software Consortium's BIND product. I will spare us the details of the hair-pulling mathematics involved :)
Security record of Delaware NTP
I do not want to criticise the work of the past NTP developers. I am merely looking at the list of past vulnerabilities:
- Buffer overflow in crypto_recv()
- Buffer overflow in ctl_putdata()
- Buffer overflow in configure()
So what is a buffer overflow ? Let's use a picture to illustrate this:
As we can see here: The attacker keeps putting more sugar in the pan until it literally overflows. In computers, you can do the same thing. You can put more input than the storage location can accept, and you essentially overflow its content to the next adjcent storage location. There's one difference however: if you are smart, you can use the overflowing "sugar" to take control of the remote computer ! This is one of the classic ways to crack into a remote computer such as an NTP server, a Mac OS X laptop, or even a windows laptop. For geeks, you can put some "magic" in the overflowing sugar that executes "/bin/bash" and you can then run whatever you want on the NTP service.
Defeating overflows
I have extended the NTP memory allocator -- a manager which is in charge of allocating storage space in live memory -- and added an additional function that checks for buffer overflows that occur under certain conditions, namely multiplication. As I said previously, a lot of NTP involves complex mathematical calculations that can lead to vulnerabilities. This defeats an entire class of buffer overflows in NTP. Due to the large number of products that use University of Delaware NTP software, this is a significant step towards improving the Internet Security at large !
To put it in more simpler terms: We prevent the attacker from overflowing the pan with sugar. We have detectors in place that signal to the chef that something went wrong in the kitchen.
List of products using University of Delaware NTP software
I have attempted to list a few well known products which use University of Delaware NTP software. This is by no means, exhaustive:
- Various CISCO products.
- RedHat/CentOS Linux.
- Ubuntu Linux.
- Apple Macbooks.
- And many others
--Logan
Android One camera issue
Android One camera freeze
While attending a wedding today, I wanted to use my camera to record videos. When I switched to video mode, The application froze. Android reported that it was not able to connect to the camera.
Dark Powers of Linux to the rescue
Since Android was running a Linux kernel, I knew from experience that this was very likely a device driver module. Of course, since I did not have full access to the android kernel message log, I knew that it was based on my instinct :)
I still wanted to record the speeches about the responsibilities of Marriage from the gentleman who took his time to lecture the newly wed couple. So, I knew that I had to find a way to reset the camera. My idea was since I had switched to video mode before it froze, it probably remained in that state. I quickly killed the application, and reloaded it . Unsurpringly, it started directly in recording mode. I just had to click on record, and it did the trick.
My theory is that switching back and forth from camera to photo mode causes the driver to hang up with the Android kernel. Since my phone is supported by Google, I sent a report to them on the phone itself, including how to reproduce it :)
Google Android One rocks
Thanks to the support from Google, I can send bug reports to them, as the phone is supported for 2 years. Unlike other phone manufacturers, it's much better in my humble opinion.
--Logan
Getting the job done with Vim
Last Friday, Cyril pinged for an after-office beer party. It’s all legitimate for a Friday evening :-)
At my workplace I in-turn bugged Kaviraj, a networking fellow who enjoys the usual geek talks.
We finished work and reached Flying Dodo some time after 19h00. Cyril and the others had taken the table outside. We could that way enjoy the cozy weather, not too warm neither cold, listen to the live band and have a chilled beer. To make it more fun I asked for pizza.
A while later Mike joined us. Kaviraj, Mike and I got into some fun chatting about CLI tools. Mike was talking about “vi” and we shared the handy tricks when editing config files.
Commenting multiple lines in Vim
To toggle between line numbering and without line numbers, do :set nu and :set nu!. The line numbers are useful when editing config files, say when you need to comment a block of directives (e.g from line 15 to 25). You would do :15,25s/^/#/g to comment and commenting out would be :15,25s/^#//g.
In-line replacement of a word
At times you find a long word in a line which you need to replace. While your cursor is at the beginning of the word, you press cw and enter the new word. It’s replaced. Is it difficult to remember cw ? Just remember “change word” :-)
Saving with “root” privilege
Ever edited a file and while saving you realise you actually require super-privilege? It happens when you are tinkering as a regular user and the file is owned by root. If you’re a sudoer then the following could save you time:
:w !sudo tee %
The ! symbol allows you to execute shell commands and the % signifies the current file. We’re thus saying update by sending the content to the current file with sudo privilege.
Find and replace
To trigger a find we could simply do /theword and press n to hop to the next occurrence of the word. We could search the whole file for a particular word and replace all occurrences:
:%s/theword/anotherword/g
We could also limit the find & replace within a block of lines.
:15,25s/theword/anotherword/g
For more fine-tuning of the search, regular expressions would come handy.
Kaviraj & I left Flying Dodo at 21h00. That was a short moment having a geek chit-chat with like-minded folks.
Getting the job done with Vim
Last Friday, Cyril pinged for an after-office beer party. It’s all legitimate for a Friday evening :-)
At my workplace I in-turn bugged Kaviraj, a networking fellow who enjoys the usual geek talks.
We finished work and reached Flying Dodo some time after 19h00. Cyril and the others had taken the table outside. We could that way enjoy the cozy weather, not too warm neither cold, listen to the live band and have a chilled beer. To make it more fun I asked for pizza.
A while later Mike joined us. Kaviraj, Mike and I got into some fun chatting about CLI tools. Mike was talking about “vi” and we shared the handy tricks when editing config files.
Commenting multiple lines in Vim
To toggle between line numbering and without line numbers, do :set nu and :set nu!. The line numbers are useful when editing config files, say when you need to comment a block of directives (e.g from line 15 to 25). You would do :15,25s/^/#/g to comment and commenting out would be :15,25s/^#//g.
In-line replacement of a word
At times you find a long word in a line which you need to replace. While your cursor is at the beginning of the word, you press cw and enter the new word. It’s replaced. Is it difficult to remember cw ? Just remember “change word” :-)
Saving with “root” privilege
Ever edited a file and while saving you realise you actually require super-privilege? It happens when you are tinkering as a regular user and the file is owned by root. If you’re a sudoer then the following could save you time:
:w !sudo tee %
The ! symbol allows you to execute shell commands and the % signifies the current file. We’re thus saying update by sending the content to the current file with sudo privilege.
Find and replace
To trigger a find we could simply do /theword and press n to hop to the next occurrence of the word. We could search the whole file for a particular word and replace all occurrences:
:%s/theword/anotherword/g
We could also limit the find & replace within a block of lines.
:15,25s/theword/anotherword/g
For more fine-tuning of the search, regular expressions would come handy.
Kaviraj & I left Flying Dodo at 21h00. That was a short moment having a geek chit-chat with like-minded folks.
Follow Us!
Tags
Archives
- April 2019
- March 2019
- January 2019
- August 2018
- March 2018
- February 2018
- November 2017
- October 2017
- August 2017
- April 2017
- March 2017
- June 2016
- May 2016
- April 2016
- March 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- January 2013
- October 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- June 2011
- May 2011
- March 2011
- February 2011
- January 2011
- October 2010
- July 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- June 2008
- May 2008
- August 2003
- July 2003
- May 2003